search for: server_host_key_blob

...rve25519_SCALARBYTES + +void +kexc25519_client(Kex *kex) +{ + BIGNUM *shared_secret; + Key *server_host_key; + u_char client_key[CURVE25519_PRIVKEY_SIZE]; + u_char client_pubkey[CURVE25519_PUBKEY_SIZE]; + u_char *server_pubkey = NULL; + u_char shared_secret_raw[CURVE25519_PUBKEY_SIZE]; + u_char *server_host_key_blob = NULL, *signature = NULL; + u_char *hash; + u_int rnd = 0, slen, sbloblen, hashlen, i; + + /* generate private key */ + for (i = 0; i < sizeof(client_key); i++) { + if (i % 4 == 0) + rnd = arc4random(); + client_key[i] = rnd; + rnd >>= 8; + } + crypto_scalarmult_curve25519_bas...

...r_put_bignum2(&b, shared_secret); diff -bur openssh-3.7.1p2.orig/kexdhc.c openssh-3.7.1p2/kexdhc.c --- openssh-3.7.1p2.orig/kexdhc.c Mon Feb 24 02:06:32 2003 +++ openssh-3.7.1p2/kexdhc.c Tue Oct 7 08:22:00 2003 @@ -62,7 +62,7 @@ packet_read_expect(SSH2_MSG_KEXDH_REPLY); /* key, cert */ - server_host_key_blob = packet_get_string(&sbloblen); + server_host_key_blob = packet_get_binary(&sbloblen); server_host_key = key_from_blob(server_host_key_blob, sbloblen); if (server_host_key == NULL) fatal("cannot decode server_host_key_blob"); @@ -86,7 +86,7 @@ #endif /* signed H */ - s...

In sshconnect.c there are two global variables for server_version_string client_version_string. These are used just in a few functions and can easily be passed as parameters. Also, there is a strange construct, where their memory is allocated to the global pointers, then copies of these pointers are assigned to the kex structure. The kex_free finally frees them via cleanup of the kex

...=========================================================== RCS file: /cvs/src/usr.bin/ssh/kexgexc.c,v retrieving revision 1.11 diff -u -r1.11 kexgexc.c --- kexgexc.c 6 Nov 2006 21:25:28 -0000 1.11 +++ kexgexc.c 15 Nov 2006 14:14:33 -0000 @@ -124,8 +124,6 @@ fatal("type mismatch for decoded server_host_key_blob"); if (kex->verify_host_key == NULL) fatal("cannot verify server_host_key"); - if (kex->verify_host_key(server_host_key) == -1) - fatal("server_host_key verification failed"); /* DH parameter f, server public DH key */ if ((dh_server_pub = BN_new()) == NUL...